Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.FEDORA_2004-301.NASL
HistorySep 09, 2004 - 12:00 a.m.

Fedora Core 2 : imlib-1.9.13-19 (2004-301)

2004-09-0900:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
7
JSON

Several heap overflow vulnerabilities have been found in the imlib BMP image handler. An attacker could create a carefully crafted BMP file in such a way that it would cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0817 to this issue.

Users of imlib should update to this updated package which contains backported patches and is not vulnerable to these issues.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2004-301.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14704);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2004-0817");
  script_xref(name:"FEDORA", value:"2004-301");

  script_name(english:"Fedora Core 2 : imlib-1.9.13-19 (2004-301)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora Core host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several heap overflow vulnerabilities have been found in the imlib BMP
image handler. An attacker could create a carefully crafted BMP file
in such a way that it would cause an application linked with imlib to
execute arbitrary code when the file was opened by a victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0817 to this issue.

Users of imlib should update to this updated package which contains
backported patches and is not vulnerable to these issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # https://lists.fedoraproject.org/pipermail/announce/2004-September/000289.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?19699320"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib-cfgeditor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:imlib-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC2", reference:"imlib-1.9.13-19")) flag++;
if (rpm_check(release:"FC2", reference:"imlib-cfgeditor-1.9.13-19")) flag++;
if (rpm_check(release:"FC2", reference:"imlib-debuginfo-1.9.13-19")) flag++;
if (rpm_check(release:"FC2", reference:"imlib-devel-1.9.13-19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "imlib / imlib-cfgeditor / imlib-debuginfo / imlib-devel");
}
VendorProductVersionCPE
fedoraprojectfedoraimlibp-cpe:/a:fedoraproject:fedora:imlib
fedoraprojectfedoraimlib-cfgeditorp-cpe:/a:fedoraproject:fedora:imlib-cfgeditor
fedoraprojectfedoraimlib-debuginfop-cpe:/a:fedoraproject:fedora:imlib-debuginfo
fedoraprojectfedoraimlib-develp-cpe:/a:fedoraproject:fedora:imlib-devel
fedoraprojectfedora_core2cpe:/o:fedoraproject:fedora_core:2

Related

nessus 9
openvas 12
debian 4
ubuntucve 1
cve 2
redhat 1
freebsd 1
securityvulns 1
debiancve 1
gentoo 1
nessus
nessus
FreeBSD : imlib -- BMP decoder heap buffer overflow (75)
2004-08-31 00:00:00
Fedora Core 1 : imlib-1.9.13-15.fc1 (2004-300)
2004-09-09 00:00:00
FreeBSD : imlib -- BMP decoder heap buffer overflow (00644f03-fb58-11d8-9837-000c41e2cdad)
2009-04-23 00:00:00
openvas
openvas
Debian Security Advisory DSA 548-1 (imlib)
2008-01-17 00:00:00
SLES9: Security update for imlib
2009-10-10 00:00:00
Debian Security Advisory DSA 548-2 (imlib)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution
2005-10-26 04:38:33
[SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution
2004-09-16 12:48:02
[SECURITY] [DSA 548-2] New imlib packages fix arbitrary code execution
2005-10-25 00:00:00
ubuntucve
ubuntucve
CVE-2004-0817
2004-12-31 00:00:00
cve
cve
CVE-2004-0817
2004-12-31 05:00:00
CVE-2004-0802
2004-12-31 05:00:00
redhat
redhat
(RHSA-2004:465) imlib security update
2004-09-15 00:00:00
freebsd
freebsd
imlib -- BMP decoder heap buffer overflow
2004-08-25 00:00:00
securityvulns
securityvulns
[Full-Disclosure] MDKSA-2004:089 - Updated imlib/imlib2 packages fix BMP crash vulnerability
2004-09-08 00:00:00
debiancve
debiancve
CVE-2004-0802
2004-12-31 05:00:00
gentoo
gentoo
ImageMagick, imlib, imlib2: BMP decoding buffer overflows
2004-09-08 00:00:00
JSON
Related for FEDORA_2004-301.NASL
nessus9openvas12debian4ubuntucve1cve2redhat1freebsd1securityvulns1debiancve1gentoo1